From 7608a9e4733af73c9c2f48e07df070fba1bc4a26 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 12 Apr 2026 05:14:55 +0000 Subject: [PATCH] chore: update drain3 default weights from daily training run --- pkg/agentdrain/data/default_weights.json | 2636 ++++++++++++++-------- 1 file changed, 1697 insertions(+), 939 deletions(-) diff --git a/pkg/agentdrain/data/default_weights.json b/pkg/agentdrain/data/default_weights.json index 74ea4e2b819..a485d282a93 100644 --- a/pkg/agentdrain/data/default_weights.json +++ b/pkg/agentdrain/data/default_weights.json @@ -8,99 +8,50 @@ "template": [ "stage=error", "reason=The", + "Serena", + "MCP", + "server", "tools", - "`activate_project`", - "and", - "`find_symbol`", + "(activate_project,", + "find_symbol)", "are", "not", "available", "in", "this", - "environment.", - "These", - "appear", - "to", - "be", - "Serena", - "language", - "server", + "agent's", + "toolset.", + "Only", + "the", + "following", "MCP", - "tools,", - "which", + "tool", + "namespaces", "are", - "not", - "listed", - "among", - "the", - "tools", - "I", - "have", - "access", - "to.", - "tool=activate_project", - "/", - "find_symbol", - "(Serena", + "available:", + "mcpscripts-gh,", + "agenticworkflows-*,", + "playwright-*,", + "safeoutputs-*,", + "github-*.", + "tool=Serena", "MCP", + "server", + "(activate_project,", + "find_symbol", "tools)", "type=missing_tool" ] - }, - { - "id": 2, - "size": 1, - "stage": "error", - "template": [ - "stage=error", - "reason=Phase", - "0", - "prerequisite", - "check", - "failed:", - "the", - "`close_discussion`", - "safe-output", - "tool", - "is", - "required", - "to", - "archive", - "previous", - "daily", - "regulatory", - "discussions", - "before", - "creating", - "a", - "new", - "report,", - "but", - "it", - "is", - "not", - "available", - "in", - "the", - "current", - "safe-output", - "toolset", - "(only:", - "create_discussion,", - "missi", - "[Content", - "truncated", - "due", - "to", - "length]", - "tool=close_discussion", - "type=missing_tool" - ] } ], "config": { "Depth": 4, - "ExcludeFields": ["session_id", "trace_id", "span_id", "timestamp"], + "ExcludeFields": [ + "session_id", + "trace_id", + "span_id", + "timestamp" + ], "MaskRules": [ { "Name": "uuid", @@ -138,7 +89,7 @@ "RareClusterThreshold": 2, "SimThreshold": 0.4 }, - "next_id": 3 + "next_id": 2 }, "finish": { "clusters": [ @@ -146,12 +97,21 @@ "id": 1, "size": 100, "stage": "finish", - "template": ["stage=finish", "\u003c*\u003e", "tokens=\u003cNUM\u003e"] + "template": [ + "stage=finish", + "\u003c*\u003e", + "tokens=\u003cNUM\u003e" + ] } ], "config": { "Depth": 4, - "ExcludeFields": ["session_id", "trace_id", "span_id", "timestamp"], + "ExcludeFields": [ + "session_id", + "trace_id", + "span_id", + "timestamp" + ], "MaskRules": [ { "Name": "uuid", @@ -195,14 +155,23 @@ "clusters": [ { "id": 1, - "size": 58, + "size": 86, "stage": "plan", - "template": ["stage=plan", "errors=\u003cNUM\u003e", "turns=\u003cNUM\u003e"] + "template": [ + "stage=plan", + "errors=\u003cNUM\u003e", + "turns=\u003cNUM\u003e" + ] } ], "config": { "Depth": 4, - "ExcludeFields": ["session_id", "trace_id", "span_id", "timestamp"], + "ExcludeFields": [ + "session_id", + "trace_id", + "span_id", + "timestamp" + ], "MaskRules": [ { "Name": "uuid", @@ -246,7 +215,12 @@ "clusters": null, "config": { "Depth": 4, - "ExcludeFields": ["session_id", "trace_id", "span_id", "timestamp"], + "ExcludeFields": [ + "session_id", + "trace_id", + "span_id", + "timestamp" + ], "MaskRules": [ { "Name": "uuid", @@ -290,7 +264,12 @@ "clusters": null, "config": { "Depth": 4, - "ExcludeFields": ["session_id", "trace_id", "span_id", "timestamp"], + "ExcludeFields": [ + "session_id", + "trace_id", + "span_id", + "timestamp" + ], "MaskRules": [ { "Name": "uuid", @@ -333,7 +312,7 @@ "tool_result": { "clusters": [ { - "id": 12, + "id": 4, "size": 1, "stage": "tool_result", "template": [ @@ -341,296 +320,605 @@ "message=No", "action", "needed:", - "The", - "pre-agent", - "step", - "did", - "not", - "produce", - "a", - "pr-filter-results.json", - "file", - "at", - "the", - "workspace", - "root.", - "Without", - "the", - "pre-filtered", - "PR", - "list,", - "no", - "contribution", - "checks", - "could", - "be", - "dispatched.", - "The", + "GitHub", + "Remote", + "MCP", + "authentication", + "test", + "PASSED.", + "Successfully", + "retrieved", "repository", - "currently", - "has", - "2", - "open", - "PRs", - "(#25532,", - "#25403),", - "but", - "both", - "appear", - "to", - "be", - "authored", - "by", - "`@Copilot`", - "(the", - "coding", - "agent)", + "data", "and", - "may", - "have", - "been", - "filtered", - "out", - "by", + "3", + "open", + "issues", + "using", + "GitHub", + "MCP", + "tools.", + "Authentication", + "with", "the", - "pre-agent", - "step.", - "No", - "report", - "issue", - "was", - "created.", + "GitHub", + "Actions", + "token", + "is", + "working", + "correctly.", "status=noop" ] }, { - "id": 13, + "id": 18, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "DIFC", - "integrity-filtered", - "events", - "found", - "in", + "ADR", + "enforcement", + "needed:", + "PR", + "#25868", + "does", + "not", + "have", "the", - "last", - "7", - "days.", - "The", - "filtered-logs.json", - "contained", - "16", - "workflow", - "runs", - "(IDs:", - "24207309248,", - "24204964096,", - "24204964101,", - "23943687887,", - "23943472009,", - "23940778805,", - "24197644015,", - "24193714728,", - "24189259135,", - "24186119866,", - "24175322446,", - "24172071943,", - "24148090336,", - "24142323339,", - "24138665837,", - "24137591061),", - "but", - "none", + "'implementation'", + "label", + "and", + "has", + "only", + "~37", + "new", + "lines", "of", - "the", - "audited", - "runs", - "contained", - "`gateway_analysis.filtered_events`", - "data", - "—", - "no", - "DIFC", - "integrity-filtering", - "events", - "were", - "recorded", - "for", - "this", - "repository", + "code", "in", + "business", + "logic", + "directories", + "(pkg/cli/", + "and", + "pkg/workflow/),", + "which", + "is", + "≤100.", + "The", + "remaining", + "202", + "changed", + "files", + "are", + ".github/workflows/*.lock.yml", + "recompilations", + "that", + "remove", "the", - "analysis", - "window.", + "separate", + "firewall-audit-logs", + "upload", + "step", + "—", + "those", + "are", + "pure", + "deletions", + "with", + "zero", + "additions.", "status=noop" ] }, { - "id": 14, + "id": 28, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", - "message=No", - "action", - "needed:", - "Reviewed", - "187", - "lock", - "files", - "(last", - "run", - "was", - "2026-04-08,", - "within", - "the", - "3-day", - "skip", - "threshold).", - "Only", - "change", - "since", - "last", - "run", - "is", - "e406559", - "(test", - "fix,", - "no", - "step", - "name", - "changes).", - "Verified", - "open", - "issues", - "#23941", - "(Cache", - "naming,", + "message=✅", + "Daily", + "malicious", + "code", + "scan", + "completed", + "—", + "2026-04-11", + "**Analysis", + "window**:", + "Last", "3", - "files)", + "days", + "(2026-04-08", + "→", + "2026-04-11)", + "**Commits", + "reviewed**:", + "119", + "commits", + "**Files", + "analyzed**:", + "578", + "changed", + "files", + "**Authors**:", + "Copilot", + "bot", + "(85),", + "github-actions[bot]", + "(25),", + "Landon", + "Cox", + "(7),", + "dependabot", + "(1),", + "Salman", + "Chishti", + "(1),", + "Mara", + "Nikola", + "Kiefer", + "(1)", + "**Patterns", + "scanned**:", + "-", + "Secret", + "exfiltration", + "(token", + "+", + "network", + "call", + "combinations)", + "-", + "Out-of-context", + "code", + "(files", + "in", + "unexpected", + "locations,", + "unusual", + "imports)", + "-", + "Obfuscation", + "(base64", + "encoding", + "of", + "sensitive", + "data,", + "hex", + "strings)", + "-", + "Suspicious", + "exec/system", + "calls", + "-", + "Hardcoded", + "IPs", + "/", + "external", + "unauthorized", + "domains", + "-", + "eval/dynamic", + "code", + "execution", + "-", + "Sensitive", + "file", + "access", + "(/etc/passwd,", + "/proc,", + "/root)", + "**No", + "suspicious", + "patterns", + "detected.**", + "All", + "findings", + "were", + "confirmed", + "legitimate:", + "-", + "`4.1.3.6`", + "occurrences", + "→", + "MCP", + "Gateway", + "specification", + "section", + "references", + "(§4.1.3.6)", + "-", + "`/etc/passwd`", + "references", + "→", + "security", + "test", + "cases", + "validating", + "path", + "traversal", + "protection", + "-", + "`eval()`", + "in", + "JS", + "files", + "→", + "test", + "harness", + "pattern", + "for", + "dynamically", + "loading", + "script", + "modules", + "under", + "test", + "-", + "`exec.Command`", + "→", + "legitimate", + "`git`,", + "`docker`,", + "`crane`", + "CLI", + "invocations", + "-", + "Token", + "+", + "network", + "combinations", + "→", + "workflow", + "YAML", + "definitions", "and", - "aw_chkout2", - "(Checkout", - "code,", - "2", - "files)", - "are", - "still", - "open.", - "Confirmed", - "aw_safeout1", - "is", - "now", - "resolved:", - "'Upload", - "Safe", - "Output", - "Items'", - "(singular)", - "no", - "longer", - "exists,", - "replaced", - "by", - "'Upload", - "Safe", - "Outputs", - "Items'", - "(plural).", - "'Upload", - "Safe", - "Outputs", - "Assets'", + "sanctioned", + "OTLP", + "telemetry", + "infrastructure", + "-", + "Notable", + "security-positive", + "changes:", + "commit", + "e61c83d", + "fixes", + "agent-stdio.log", + "world-readable", + "exposure", "and", - "'Upload", - "Safe", - "Outputs", - "Items'", - "confirmed", - "as", - "distinct", - "intentional", - "steps", - "(different", - "upload", - "paths).", - "Cache", - "updated.", + "MCP", + "gateway", + "token", + "leakage", + "in", + "redaction", + "pipeline", "status=noop" ] }, { - "id": 1, + "id": 3, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "action", + "ADR", + "enforcement", "needed:", - "Analyzed", - "module", - "`github.com/aymanbagabas/go-osc52/v2`", - "(next", - "in", - "round-robin", - "from", - "107", - "Go", - "dependencies", - "in", - "SBOM).", - "Module", + "PR", + "#25890", "is", - "MIT", - "licensed,", + "a", + "formatting-only", + "fix", + "(prettier", + "compliance", + "for", + "git_helpers.cjs).", + "It", "has", "no", - "transitive", - "dependencies,", + "\"\u003c*\u003e\"", + "label,", + "adds", + "0", + "new", + "lines", + "in", + "business", + "logic", + "directories,", "and", - "introduces", + "makes", "no", - "GPL-type", - "licenses.", - "Also", - "verified", - "licenses", - "for", - "30+", - "additional", - "modules", + "architectural", + "or", + "design", + "decisions", + "—", + "only", + "collapses", + "a", + "multi-line", + "Error", + "constructor", + "to", + "a", + "single", + "line", + "to", + "pass", + "the", + "lint", + "check.", + "status=noop" + ] + }, + { + "id": 14, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "test", + "files", + "were", + "added", + "or", + "modified", + "in", "this", - "run", - "(all", - "MIT,", - "BSD-2-Clause,", - "BSD-3-Clause,", - "Apache-2.0,", + "PR.", + "The", + "only", + "changes", + "are", + "to", + "`.github/workflows/design-decision-gate.md`", + "and", + "`.github/workflows/design-decision-gate.lock.yml`.", + "Test", + "Quality", + "Sentinel", + "skipped.", + "status=noop" + ] + }, + { + "id": 20, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "#25856", + "does", + "not", + "have", + "the", + "'implementation'", + "label", + "and", + "has", + "0", + "new", + "lines", + "of", + "code", + "in", + "the", + "default", + "business", + "logic", + "directories", + "(src/,", + "lib/,", + "pkg/,", + "internal/,", + "app/,", + "core/,", + "domain/,", + "services/,", + "api/).", + "The", + "60", + "additions", + "are", + "in", + "actions/setup/js/", + "(3", + "lines", + "production", + "code", + "+", + "57", + "lines", + "tests),", + "which", + "is", + "outside", + "the", + "enforced", + "scope.", + "status=noop" + ] + }, + { + "id": 24, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=All", + "Safe", + "Outputs", + "conformance", + "checks", + "passed", + "-", + "no", + "CRITICAL/HIGH/MEDIUM", + "issues", + "found.", + "3", + "LOW", + "severity", + "issues", + "detected", + "(2x", + "USE-001", + "missing", + "standardized", + "error", + "codes,", + "1x", + "USE-003", + "missing", + "staged", + "mode", + "emoji)", + "but", + "below", + "the", + "5+", + "threshold", + "for", + "issue", + "creation.", + "Script", + "exit", + "code:", + "0.", + "Run", + "ID:", + "24292507725.", + "status=noop" + ] + }, + { + "id": 5, + "size": 2, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "\u003c*\u003e", + "does", + "not", + "have", + "the", + "'implementation'", + "label", + "and", + "has", + "only", + "\u003c*\u003e", + "new", + "lines", + "of", + "code", + "in", + "business", + "logic", + "directories", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "is", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "\u003c*\u003e", + "status=noop" + ] + }, + { + "id": 6, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "test", + "files", + "were", + "added", "or", - "Unlicense", + "modified", + "in", + "PR", + "#25886.", + "The", + "only", + "changed", + "file", + "is", + "`actions/setup/js/git_helpers.cjs`", + "(7", + "additions,", + "2", + "deletions", "—", - "all", - "compatible", - "with", - "MIT).", - "Cache", - "state", - "updated", + "a", + "production", + "JavaScript", + "fix", + "for", + "TypeScript", + "Error.code", + "property", + "handling).", + "Test", + "Quality", + "Sentinel", + "skipped", + "—", + "nothing", "to", - "track", - "progress", - "(12/107", - "modules", - "checked).", + "analyze.", "status=noop" ] }, { - "id": 3, + "id": 15, "size": 1, "stage": "tool_result", "template": [ @@ -639,115 +927,63 @@ "test", "complete", "—", - "all", + "no", + "PR/issue", + "to", + "comment", + "on", + "(pull-request-number", + "and", + "issue-number", + "are", + "both", + "empty).", + "All", "12/12", "tools", - "available:", - "|", - "Tool", - "|", - "Status", - "|", - "Version", - "|", - "|------|--------|---------|", - "|", + "verified:", "bash", - "|", - "✅", - "|", "5.2.21", - "|", - "|", + "✅,", "sh", - "|", - "✅", - "|", - "available", - "|", - "|", + "✅,", "git", - "|", - "✅", - "|", "2.53.0", - "|", - "|", + "✅,", "jq", - "|", - "✅", - "|", "1.7", - "|", - "|", + "✅,", "yq", - "|", - "✅", - "|", - "v4.52.5", - "|", - "|", + "4.52.5", + "✅,", "curl", - "|", - "✅", - "|", "8.5.0", - "|", - "|", + "✅,", "gh", - "|", - "✅", - "|", "2.89.0", - "|", - "|", + "✅,", "node", - "|", - "✅", - "|", "v20.20.2", - "|", - "|", + "✅,", "python3", - "|", - "✅", - "|", "3.12.3", - "|", - "|", + "✅,", "go", - "|", - "✅", - "|", "1.24.13", - "|", - "|", + "✅,", "java", - "|", - "✅", - "|", - "openjdk", - "21.0.10", - "|", - "|", + "10.0.201", + "✅,", "dotnet", - "|", - "✅", - "|", "10.0.201", - "|", - "**Result:**", - "12/12", - "tools", - "available", - "✅", - "—", - "PASS", + "✅.", + "Overall:", + "PASS.", "status=noop" ] }, { - "id": 4, + "id": 23, "size": 1, "stage": "tool_result", "template": [ @@ -758,664 +994,1186 @@ "Queried", "all", "open", - "issues", + "draft", + "PRs", "in", "github/gh-aw", - "for", - "no:label", + "(is:pr", + "is:open", + "is:draft)", "and", "found", "0", - "unlabeled", - "issues.", - "All", - "open", - "issues", - "already", - "have", - "at", - "least", - "one", - "label", - "applied", - "—", - "the", - "unlabeled", - "percentage", - "is", - "currently", - "0%,", - "well", - "below", - "the", - "5%", - "target", - "threshold.", + "results.", + "No", + "warnings,", + "labels,", + "or", + "closures", + "required.", "status=noop" ] }, { - "id": 6, + "id": 26, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "SQL", - "injection", - "vulnerabilities", - "found.", - "The", - "gh-aw", - "codebase", + "ADR", + "enforcement", + "needed:", + "PR", + "#25849", + "does", + "not", + "have", + "the", + "'implementation'", + "label", + "and", "has", - "no", - "SQL", - "database", - "usage", - "—", - "no", - "imports", + "0", + "new", + "lines", "of", - "database/sql,", - "sqlx,", - "gorm,", - "pgx,", - "or", - "any", - "SQL", - "ORM/driver.", - "All", - "\"\u003c*\u003e\"", - "references", + "code", "in", - "the", - "codebase", + "business", + "logic", + "directories.", + "All", + "31", + "changed", + "lines", "are", + "documentation", + "updates", "in", - "test", - "fixture", - "data", - "representing", - "Docker", - "service", - "configurations", - "in", - "GitHub", - "Actions", - "workflows,", - "not", - "application", - "database", - "access.", - "There", - "is", - "no", - "attack", - "surface", - "for", - "SQL", - "injection", + "`.github/aw/debug-agentic-workflow.md`,", + "`docs/src/content/docs/reference/audit.md`,", + "and", + "`docs/src/content/docs/reference/cost-management.md`.", + "status=noop" + ] + }, + { + "id": 27, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "PR/issue", + "to", + "comment", + "on", + "(no", + "pull-request-number", "in", - "this", - "repository.", + "context).", + "All", + "3", + "Redis", + "smoke", + "tests", + "passed:", + "PING", + "returned", + "PONG,", + "SET/GET", + "round-tripped", + "\"\u003c*\u003e\",", + "INFO", + "returned", + "Redis", + "7.4.8", + "server", + "info.", + "Used", + "nc", + "as", + "fallback", + "(redis-cli", + "not", + "available).", + "Tests", + "run", + "via", + "host.docker.internal:6379.", "status=noop" ] }, { - "id": 7, + "id": 9, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "action", + "test", + "files", + "were", + "added", + "or", + "modified", + "in", + "PR", + "#25883", + "(\"\u003c*\u003e\").", + "All", + "178", + "changed", + "files", + "are", + "compiled", + "`.lock.yml`", + "workflow", + "artifacts", + "—", + "no", + "Go", + "(`*_test.go`)", + "or", + "JavaScript", + "(`*.test.cjs`,", + "`*.test.js`)", + "test", + "files", + "were", + "touched.", + "Test", + "Quality", + "Sentinel", + "skipped.", + "status=noop" + ] + }, + { + "id": 10, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "ADR", + "enforcement", "needed:", - "Issue", - "#25548", - "already", + "PR", + "#25883", + "does", + "not", + "have", + "the", + "'implementation'", + "label", + "and", "has", - "appropriate", - "labels", - "(enhancement,", - "awf).", + "only", + "1", + "new", + "line", + "of", + "code", + "in", + "business", + "logic", + "directories", + "(pkg/workflow/threat_detection.go),", + "well", + "below", + "the", + "100-line", + "threshold.", "The", - "issue", + "remaining", + "177", + "changed", + "files", + "are", + "auto-regenerated", + ".github/workflows/*.lock.yml", + "files", + "updating", + "container", + "image", + "SHA", + "pins.", + "This", "is", "a", - "feature", - "request", - "to", - "add", - "--diagnostic-logs", - "flag", - "for", - "collecting", - "Docker", - "operational", - "logs", - "on", - "AWF", - "failures.", - "Author", + "targeted", + "bug", + "fix,", + "not", + "an", + "architectural", + "decision", + "requiring", + "an", + "ADR.", + "status=noop" + ] + }, + { + "id": 22, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "action", + "needed:", + "All", + "safe-output", + "types", + "already", + "have", + "complete", + "test", + "coverage.", + "Every", + "type", + "defined", + "in", + "`SafeOutputsConfig`", + "in", + "`pkg/workflow/compiler_types.go`", + "has:", + "1.", + "At", + "least", + "one", + "test", + "workflow", + "in", + "`pkg/cli/workflows/`", + "(e.g.,", + "`test-copilot-close-pull-request.md`,", + "`test-copilot-submit-pull-request-review.md`,", + "etc.)", + "2.", + "A", + "Go", + "compiler", + "test", + "case", + "in", + "`pkg/workflow/compiler_safe_outputs_config_test.go`", + "(46", + "test", + "cases", + "covering", + "all", + "output", + "types", + "including", + "create-issue,", + "close-pull-request,", + "submit-pull-request-review,", + "reply-to-pull-request-review-comment,", + "resolve-pull-request-review-thread,", + "create-code-scanning-alerts,", + "upload-artifact,", + "report-incomplete,", + "and", + "all", + "others)", + "Coverage", "is", - "a", - "COLLABORATOR,", - "so", + "complete", + "—", "no", - "community", - "label", + "new", + "files", + "or", + "test", + "cases", + "are", "needed.", "status=noop" ] }, { - "id": 9, + "id": 2, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", - "message=All", - "Safe", - "Outputs", - "conformance", - "checks", - "passed", - "-", - "no", - "issues", + "message=No", + "test", + "files", + "were", + "added", + "or", + "modified", + "in", + "PR", + "#25890.", + "The", + "PR", + "only", + "contains", + "a", + "formatting", + "fix", "to", - "report.", - "Script", - "exited", + "`actions/setup/js/git_helpers.cjs`", + "(1", + "addition,", + "3", + "deletions", + "—", + "Prettier", + "lint", + "fix).", + "Test", + "Quality", + "Sentinel", + "skipped.", + "status=noop" + ] + }, + { + "id": 7, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "#25886", + "is", + "a", + "7-line", + "TypeScript", + "type-fix", + "bug", + "(JSDoc", + "casts", + "in", + "git_helpers.cjs)", "with", + "no", + "\"\u003c*\u003e\"", + "label", + "and", + "zero", + "new", + "lines", + "of", "code", - "0.", - "Results:", - "0", - "Critical,", - "0", - "High,", - "0", - "Medium,", - "2", - "Low", - "failures.", + "in", + "any", + "business", + "logic", + "directory", + "(src/,", + "lib/,", + "pkg/,", + "internal/,", + "app/,", + "core/,", + "domain/,", + "services/,", + "api/).", "The", - "2", - "LOW", - "findings", - "(USE-001:", - "generate_safe_outputs_tools.cjs", - "may", + "single", + "changed", + "file", + "is", + "under", + "actions/setup/js/,", + "which", + "is", + "outside", + "the", + "default", + "enforcement", + "scope.", + "status=noop" + ] + }, + { + "id": 8, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "#25885", + "does", "not", - "use", - "standardized", - "error", - "codes;", - "USE-003:", - "upload_artifact.cjs", - "missing", - "🎭", - "emoji", + "have", + "the", + "'implementation'", + "label", + "and", + "has", + "only", + "19", + "new", + "lines", + "of", + "code", + "(well", + "under", + "the", + "100-line", + "threshold)", "in", - "staged", - "mode)", - "do", + "business", + "logic", + "directories.", + "The", + "PR", + "is", + "a", + "pure", + "bug", + "fix", + "—", + "updating", + "hardcoded", + "SHA", + "references", + "in", + "9", + "test", + "files", + "to", + "match", + "an", + "updated", + "action_pins.json.", + "No", + "architectural", + "decisions", + "are", + "being", + "made.", + "The", + "PR", + "is", + "also", + "already", + "merged.", + "status=noop" + ] + }, + { + "id": 11, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "#25873", + "does", "not", - "meet", + "have", "the", - "threshold", - "for", - "issue", - "creation", - "(requires", - "5+", - "LOW", - "issues", + "'implementation'", + "label", + "and", + "has", + "only", + "57", + "new", + "lines", + "of", + "code", "in", - "same", - "category).", + "business", + "logic", + "directories", + "(pkg/parser/yaml_import.go:", + "20,", + "pkg/parser/yaml_import_copilot_setup_test.go:", + "37),", + "which", + "is", + "≤", + "the", + "100-line", + "threshold.", + "The", + "remaining", + "53", + "additions", + "are", + "in", + ".github/workflows/", + "files,", + "which", + "are", + "not", + "classified", + "as", + "core", + "business", + "logic", + "directories.", "status=noop" ] }, { - "id": 10, + "id": 13, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", - "message=✅", - "Daily", - "malicious", - "code", - "scan", - "completed.", - "Analyzed", - "296", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "#25872", + "does", + "not", + "have", + "the", + "'implementation'", + "label", + "and", + "has", + "only", + "1", + "new", + "line", + "of", "code", + "in", + "business", + "logic", + "directories", + "(pkg/workflow/compiler_safe_outputs_job.go).", + "The", + "PR", + "is", + "a", + "mechanical", + "shellcheck", + "fix", + "(SC2086/SC2012/SC2129)", + "that", + "quotes", + "shell", + "variables", + "across", + "15", + "workflow", "files", - "(145", - "commits)", + "—", + "no", + "architectural", + "design", + "decisions", + "are", + "being", + "made.", + "status=noop" + ] + }, + { + "id": 17, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "action", + "needed:", + "Triage", + "run", + "#24295465215", + "found", + "6", + "open", + "Copilot-authored", + "PRs", + "(#25873,", + "#25872,", + "#25871,", + "#25870,", + "#25868,", + "#25830),", + "all", "from", + "same-repo", + "branches", + "(not", + "forks).", + "Per", "the", - "last", - "3", - "days", - "across", - "authors:", - "Copilot", - "(100),", - "github-actions[bot]", - "(27),", - "dependabot[bot]", - "(9),", - "and", - "4", - "human", - "contributors.", - "**Patterns", - "scanned:**", - "-", - "Secret", - "exfiltration", - "(env", - "vars", - "+", - "network", - "calls)", - "-", - "Obfuscated/encoded", - "payloads", - "(base64,", - "hex)", - "-", - "Suspicious", - "eval/exec", + "fork-only", + "triage", + "policy,", + "all", + "were", + "excluded.", + "No", + "fork", + "PRs", + "to", + "triage.", + "State", + "saved", + "to", + "repo", + "memory.", + "status=noop" + ] + }, + { + "id": 19, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "action", + "needed:", + "Scanned", + "the", + "entire", + "gh-aw", + "repository", + "for", + "SQL", + "injection", + "vulnerabilities.", + "The", + "codebase", + "contains", + "no", + "SQL", + "database", "usage", - "-", - "External", - "unauthorized", - "HTTP", + "—", + "no", + "database/sql", + "imports,", + "no", + "SQLite/PostgreSQL/MySQL", + "drivers,", + "and", + "no", + "raw", + "SQL", + "query", + "construction.", + "All", + "\"\u003c*\u003e\"", + "references", + "are", + "parameterized", + "GraphQL", + "API", "calls", - "-", - "Unusual", - "file", - "additions", - "in", - "unexpected", - "locations", - "-", - "Suspicious", - "system", - "operations", - "-", - "Out-of-context", - "cryptographic", - "operations", - "**Key", - "changes", - "reviewed:**", - "-", - "New", - "`copilot_driver.cjs`:", - "Legitimate", - "retry", - "wrapper", - "for", - "Copilot", - "CLI", - "subprocess", - "-", - "New", - "`upload_artifact.cjs`:", - "Safe-output", - "artifact", - "upload", - "handler", - "with", - "path", - "traversal", - "protection", - "-", - "New", - "`start_cli_proxy.sh`", - "/", - "`stop_cli_proxy.sh`:", - "Docker-based", - "CLI", - "proxy", - "lifecycle", - "scripts", - "using", - "project-scoped", - "images", - "(ghcr.io/github/gh-aw-mcpg)", - "-", - "New", - "`runner_guard.go`:", - "Taint", + "to", + "GitHub.", + "Semgrep", + "could", + "not", + "be", + "installed", + "due", + "to", + "network", + "restrictions", + "(proxy", + "blocked),", + "but", + "manual", + "grep", "analysis", - "scanner", - "integration", - "with", - "input", - "validation", - "(#nosec", - "comment", - "appropriately", - "placed)", - "-", - "`sanitize_content_core.cjs`", - "changes:", - "Security", - "hardening", - "(homoglyph", - "normalization,", - "percent-encoding", - "bypass", - "prevention)", - "-", - "`eval()`", - "uses:", - "All", + "confirmed", + "no", + "SQL", + "injection", + "attack", + "surface", + "exists", "in", - "`.test.cjs`", + "Go", "files", - "for", - "test", - "harness", - "simulation", + "(*.go)", + "or", + "JavaScript", + "files", + "(*.cjs).", + "No", + "findings", + "to", + "report.", + "status=noop" + ] + }, + { + "id": 21, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "action", + "needed:", + "Reviewed", + "9", + "active", + "workflows", + "from", + "last", + "24", + "hours", + "(8", + "schedule", + "+", + "1", + "PR-triggered).", + "All", + "reporting", + "workflows", + "that", + "create", + "discussions/issues", + "are", + "compliant", + "with", + "style", + "guidelines:", + "**Compliant", + "(import", + "shared/reporting.md):**", + "daily-observability-report,", + "daily-performance-summary,", + "daily-safe-output-integrator,", + "daily-safe-output-optimizer,", + "daily-secrets-analysis,", + "api-consumption-report", + "**Compliant", + "(explicit", + "inline", + "guidelines):**", + "draft-pr-cleanup", + "(has", + "inline", + "h3", + "and", + "details", + "instructions)", + "**Not", + "reporting", + "workflows", + "(N/A):**", + "daily-semgrep-scan", + "(only", + "creates", + "code-scanning", + "alerts),", + "issue-monster", + "(assigns", + "issues", + "to", + "agents)", + "All", + "reporting", + "workflows", + "follow", + "proper", + "header", + "levels", + "(h3+)", + "and", + "progressive", + "disclosure", + "with", + "\u003cdetails\u003e", + "tags.", + "No", + "improvements", + "needed.", + "status=noop" + ] + }, + { + "id": 1, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", + "action", + "needed:", + "Analyzed", + "`github.com/bmatcuk/doublestar/v4`", + "(round-robin", + "module", + "14/107).", + "License", + "confirmed", + "MIT", + "with", + "no", + "transitive", + "dependencies", "—", - "pre-existing", - "pattern,", - "not", - "new", - "production", - "code", - "-", - "GITHUB_TOKEN", - "references:", + "no", + "GPL/LGPL/AGPL", + "found.", + "Cache", + "state", + "updated.", "All", - "legitimate", - "(proxy", - "setup,", + "107", + "SBOM", + "Go", + "packages", + "were", + "scanned;", + "no", + "GPL-type", + "licenses", + "detected", + "across", + "the", + "full", + "dependency", + "graph", + "(all", + "licenses", + "are", + "MIT,", + "Apache-2.0,", + "BSD-3-Clause,", + "or", + "similar", + "permissive", + "licenses).", + "status=noop" + ] + }, + { + "id": 25, + "size": 1, + "stage": "tool_result", + "template": [ + "stage=tool_result", + "message=No", "test", - "mocks", - "with", - "`delete`", - "to", - "clean", - "env)", - "**No", - "suspicious", - "patterns", - "detected.**", - "All", + "files", + "were", + "added", + "or", + "modified", + "in", + "this", + "PR.", + "The", "changes", - "align", - "with", - "the", - "repository's", - "purpose", - "(GitHub", - "CLI", - "extension", - "for", - "agentic", - "workflows)", + "only", + "affect", + ".github/aw/debug-agentic-workflow.md", + "(workflow", + "markdown)", "and", - "show", - "security-positive", - "patterns", - "(input", - "validation,", - "token", - "handling", - "hardening,", - "sanitization", - "improvements).", + "two", + "documentation", + "files.", + "Test", + "Quality", + "Sentinel", + "skipped.", "status=noop" ] }, { - "id": 11, + "id": 29, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", - "message=##", - "Service", - "Ports", - "Smoke", - "Test", - "(Redis)", - "|", - "Test", - "|", - "Status", - "|", - "|------|--------|", - "|", - "Redis", - "PING", - "|", - "✅", - "PONG", - "received", - "|", - "|", - "Redis", - "SET/GET", - "|", - "✅", - "Value", - "round-tripped", - "(`service-ports-ok`)", - "|", - "|", - "Redis", - "INFO", - "|", - "✅", - "Server", - "info", - "retrieved", - "(redis", - "7.4.8)", - "|", - "**Result:**", - "3/3", - "tests", - "passed", - "✅", - "Note:", - "`redis-cli`", - "was", + "message=No", + "ADR", + "enforcement", + "needed:", + "PR", + "#25838", + "does", "not", - "available;", + "have", + "the", + "'implementation'", + "label", + "and", + "has", + "only", + "29", + "new", + "lines", + "of", + "code", + "total,", "all", - "tests", - "used", - "`nc`", - "(netcat)", - "with", - "raw", - "Redis", - "protocol.", - "No", + "in", + "`actions/setup/js/`", + "which", + "is", + "not", + "a", + "business", + "logic", + "directory", + "(default", + "dirs:", + "src/,", + "lib/,", + "pkg/,", + "internal/,", + "app/,", + "core/,", + "domain/,", + "services/,", + "api/).", + "The", "PR", - "number", - "available", + "is", + "a", + "targeted", + "bug", + "fix", + "for", + "ENOBUFS", "in", - "this", - "workflow", - "context,", - "so", - "reporting", - "via", - "noop.", + "spawnSync,", + "not", + "an", + "architectural", + "decision.", "status=noop" ] }, { - "id": 2, + "id": 30, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "action", + "ADR", + "enforcement", "needed:", - "GitHub", - "Remote", - "MCP", - "authentication", - "test", - "passed.", - "MCP", - "tools", - "(github-issue_read,", - "github-list_issues)", - "successfully", - "accessed", - "github/gh-aw", - "using", + "PR", + "#25836", + "(\"\u003c*\u003e\")", + "does", + "not", + "have", "the", - "GitHub", - "Actions", - "token.", - "Retrieved", - "open", - "issues", - "without", - "authentication", - "errors.", + "'implementation'", + "label", + "and", + "has", + "only", + "7", + "new", + "lines", + "of", + "code", + "in", + "business", + "logic", + "directories", + "(pkg/workflow/).", + "The", + "200", + "total", + "additions", + "are", + "dominated", + "by", + "185", + "auto-recompiled", + ".lock.yml", + "files.", + "The", + "code", + "changes", + "are", + "a", + "cosmetic", + "naming", + "convention", + "fix", + "(title", + "case", + "→", + "sentence", + "case", + "for", + "two", + "compiler-generated", + "step", + "name", + "strings)", + "—", + "not", + "an", + "architectural", + "decision", + "warranting", + "an", + "ADR.", "status=noop" ] }, { - "id": 5, + "id": 12, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "action", - "needed:", - "Triage", - "complete", - "for", - "Run", - "#24220921278.", - "Found", - "2", - "open", - "Copilot-authored", - "PRs", - "(#25561", - "draft,", - "#25553", - "open),", - "both", - "originating", - "from", - "same-repo", - "branches", - "(not", - "forks).", - "Per", - "fork-only", - "triage", - "policy,", - "0", - "PRs", + "test", + "files", "were", - "eligible", - "for", - "triage.", + "added", + "or", + "modified", + "in", + "this", + "PR.", "PR", - "#25403", - "(previously", - "tracked", - "as", - "draft)", - "is", - "now", - "closed.", - "Memory", - "updated", - "with", - "current", - "state.", + "#25872", + "\"\u003c*\u003e\"", + "only", + "modifies", + "GitHub", + "Actions", + "workflow", + "lock", + "files", + "(.lock.yml),", + "workflow", + "markdown", + "files", + "(.md),", + "and", + "one", + "Go", + "production", + "file", + "(pkg/workflow/compiler_safe_outputs_job.go).", + "No", + "*_test.go", + "or", + "*.test.cjs", + "files", + "were", + "changed.", + "Test", + "Quality", + "Sentinel", + "skipped.", "status=noop" ] }, { - "id": 8, + "id": 16, "size": 1, "stage": "tool_result", "template": [ "stage=tool_result", "message=No", - "action", + "ADR", + "enforcement", "needed:", - "Analyzed", - "3", - "open", - "draft", - "PRs", - "in", - "github/gh-aw.", - "All", - "3", - "were", - "updated", - "today", - "(2026-04-09)", - "with", - "0", - "days", + "PR", + "#25870", + "does", + "not", + "have", + "the", + "'implementation'", + "label", + "and", + "has", + "only", + "18", + "new", + "lines", "of", - "inactivity", - "—", - "well", - "below", + "code", + "total", + "(well", + "under", "the", - "10-day", - "warning", - "threshold.", + "100-line", + "threshold).", + "The", + "changes", + "are", + "to", + "workflow/agent", + "configuration", + "files", + "(removing", + "`submit-pull-request-review`", + "safe-output", + "from", + "the", + "design-decision-gate", + "agent", + "spec),", + "not", + "in", + "the", + "monitored", + "business", + "logic", + "directories", + "(src/,", + "lib/,", + "pkg/,", + "internal/,", + "app/,", + "core/,", + "domain/,", + "services/,", + "api/).", "No", - "warnings", - "added,", - "no", - "PRs", - "closed.", - "Summary:", - "#25541", - "(0d", - "inactive),", - "#25540", - "(0d", - "inactive),", - "#25403", - "(0d", - "inactive).", - "None", - "have", - "exemption", - "labels.", - "All", - "classified", - "as", - "ACTIVE.", + "ADR", + "is", + "required", + "for", + "this", + "configuration-only", + "change.", "status=noop" ] } ], "config": { "Depth": 4, - "ExcludeFields": ["session_id", "trace_id", "span_id", "timestamp"], + "ExcludeFields": [ + "session_id", + "trace_id", + "span_id", + "timestamp" + ], "MaskRules": [ { "Name": "uuid", @@ -1453,6 +2211,6 @@ "RareClusterThreshold": 2, "SimThreshold": 0.4 }, - "next_id": 15 + "next_id": 31 } -} +} \ No newline at end of file